Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
Software | From | Fixed in |
---|---|---|
francisco_burzi / php-nuke | 6.0 | 6.0.x |
francisco_burzi / php-nuke | 6.5 | 6.5.x |
francisco_burzi / php-nuke | 6.5_beta1 | 6.5_beta1.x |
francisco_burzi / php-nuke | 6.5_final | 6.5_final.x |
francisco_burzi / php-nuke | 6.5_rc1 | 6.5_rc1.x |
francisco_burzi / php-nuke | 6.5_rc2 | 6.5_rc2.x |
francisco_burzi / php-nuke | 6.5_rc3 | 6.5_rc3.x |
francisco_burzi / php-nuke | 6.6 | 6.6.x |
francisco_burzi / php-nuke | 6.7 | 6.7.x |
francisco_burzi / php-nuke | 6.9 | 6.9.x |
francisco_burzi / php-nuke | 7.0 | 7.0.x |
francisco_burzi / php-nuke | 7.0_final | 7.0_final.x |
francisco_burzi / php-nuke | 7.1 | 7.1.x |
francisco_burzi / php-nuke | 7.2 | 7.2.x |